Zz0Zz0

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Timesheet App version 1.0 **Description** A problematic issue has been found in the Add Timesheet Form component, specifically affecting the /endpoint/add-timesheet.php file. The manipulation of the `day/task` argument leads to cross-site scripting. This issue can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For SourceCodester Online Timesheet App version 1.0, consider disabling the `day/task` argument in the /endpoint/add-timesheet.php file until a patch is available to prevent cross-site scripting attacks. Restrict access to the Add Timesheet Form component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Timesheet App version 1.0 **Description** A critical vulnerability was found in the SourceCodester Online Timesheet App, affecting an unknown part of the file /endpoint/delete-timesheet.php. The manipulation of the `timesheet` argument leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For SourceCodester Online Timesheet App version 1.0, consider disabling access to the /endpoint/delete-timesheet.php endpoint until a patch is available. As a temporary workaround, restrict the manipulation of the `timesheet` argument to minimize the risk of SQL injection exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Employee Management System version 1.0 **Description** A problematic vulnerability has been found in the SourceCodester Employee Management System. This issue affects an unknown part of the file /Admin/add-admin.php. The manipulation of the `txtfullname` argument leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For SourceCodester Employee Management System version 1.0, consider validating all user input to prevent malicious code injection via the `txtfullname` parameter. As a temporary workaround, restrict access to the /Admin/add-admin.php file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.